#SSL# Let's Encrypt Wildcard: free wildcard certificates are now officially live [with issuance tutorial] | 阿Q博客


Practical Tools 2018-03-14

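About Let's Encrypt Wildcard free wildcard certificates

Early this morning, news came from the official Let's Encrypt community that the Let's Encrypt Wildcard Certificate, which supports wildcard domains, is officially live. According to the original plan it was supposed to launch in February this year; reportedly some bugs remained unresolved, so it was postponed. At the start of the year the author even checked the official site specifically and saw no announcement. Today's official launch is definitely good news for anyone who has been hunting for cheap or free wildcard SSL certificates.

Official announcement: https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579

Let's Encrypt wildcard certificate issuance tutorial

Note: at present only DNS validation is supported; HTTP validation is not supported for now. The mainstream DNS providers all offer a DNS API, for example CloudFlare, Alibaba Cloud (Aliyun), CloudXNS and DNSPOD.

The Linux distributions are all much the same; this article uses a CentOS environment as the reference.

First connect to your VPS over SSH. (What? Yours is not a VPS? Then you will have to wait and see; control panels such as cPanel have not caught up yet.)

1. Download the automated issuance script acme.sh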

wget -O - https://get.acme.sh | sh

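2. Get the Access Key ID and Access Key Secret for your domain

For how to obtain the credentials for each DNS API, see https://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md

If your domain's DNS provider is an obscure one, you can try issuing in DNS alias mode: https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode

Taking Aliyun DNS as the example: after logging in to your Aliyun account, go to the Aliyun access key page at https://ak-console.aliyun.com/#/accesskey

Once you have your Access Key ID and Access Key Secret, enter the following in the SSH window

export Ali_Key="your Aliyun Access Key ID"
export Ali_Secret="your Aliyun Access Key Secret"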

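Run the issue command (qblog.org is used as the example; replace qblog.org with your own domain when you actually run it). The wildcard name is quoted so that the shell passes it to acme.sh literally instead of trying to expand it as a filename pattern.

~/.acme.sh/acme.sh --issue --dns dns_ali -d qblog.org -d '*.qblog.org'

Issuance runs fully automatically. On success you will see the word "success" in green, the text of your certificate, and the directory where the certificate files are stored.

The complete issuance session: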

[root@centos ~]# wget -O - https://get.acme.sh | sh
--2018-03-19 12:22:54--  https://get.acme.sh/
Resolving get.acme.sh... 130.211.247.207
Connecting to get.acme.sh|130.211.247.207|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 705 [text/plain]
Saving to: “STDOUT”

100%[==============================================>] 705         --.-K/s   in 0s      

2018-03-19 12:23:26 (197 MB/s) - written to stdout [705/705]

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  163k  100  163k    0     0   163k      0 --:--:-- --:--:-- --:--:--  337k
[Mon Mar 19 12:23:27 CST 2018] Installing from online archive.
[Mon Mar 19 12:23:27 CST 2018] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Mon Mar 19 12:23:30 CST 2018] Extracting master.tar.gz
[Mon Mar 19 12:23:30 CST 2018] It is recommended to install socat first.
[Mon Mar 19 12:23:30 CST 2018] We use socat for standalone server if you use standalone mode.
[Mon Mar 19 12:23:30 CST 2018] If you don't use standalone mode, just ignore this warning.
[Mon Mar 19 12:23:30 CST 2018] Installing to /root/.acme.sh
[Mon Mar 19 12:23:30 CST 2018] Installed to /root/.acme.sh/acme.sh
[Mon Mar 19 12:23:30 CST 2018] Installing alias to '/root/.bashrc'
[Mon Mar 19 12:23:30 CST 2018] OK, Close and reopen your terminal to start using acme.sh
[Mon Mar 19 12:23:30 CST 2018] Installing alias to '/root/.cshrc'
[Mon Mar 19 12:23:30 CST 2018] Installing alias to '/root/.tcshrc'
[Mon Mar 19 12:23:30 CST 2018] Installing cron job
[Mon Mar 19 12:23:30 CST 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Mon Mar 19 12:23:30 CST 2018] OK
[Mon Mar 19 12:23:30 CST 2018] Install success!
[root@centos ~]# ls
anaconda-ks.cfg  install.log  install.log.syslog
[root@centos ~]# export Ali_Key="**********"
[root@centos ~]# export Ali_Secret="**********"
[root@centos ~]# ~/.acme.sh/acme.sh --issue --dns dns_ali -d jixiaocai.com -d *.qblog.org
[Mon Mar 19 12:25:33 CST 2018] Registering account
[Mon Mar 19 12:25:37 CST 2018] Registered
[Mon Mar 19 12:25:37 CST 2018] ACCOUNT_THUMBPRINT='**************'
[Mon Mar 19 12:25:37 CST 2018] Creating domain key
[Mon Mar 19 12:25:37 CST 2018] The domain key is here: /root/.acme.sh/qblog.org/qblog.org.key
[Mon Mar 19 12:25:37 CST 2018] Multi domain='DNS:qblog.org,DNS:*.qblog.org'
[Mon Mar 19 12:25:37 CST 2018] Getting domain auth token for each domain
[Mon Mar 19 12:25:41 CST 2018] Getting webroot for domain='qblog.org'
[Mon Mar 19 12:25:41 CST 2018] Getting webroot for domain='*.qblog.org'
[Mon Mar 19 12:25:41 CST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_ali.sh
[Mon Mar 19 12:25:43 CST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_ali.sh
[Mon Mar 19 12:25:45 CST 2018] Sleep 120 seconds for the txt records to take effect
[Mon Mar 19 12:27:46 CST 2018] Verifying:qblog.org
[Mon Mar 19 12:27:50 CST 2018] Success
[Mon Mar 19 12:27:50 CST 2018] Verifying:*.qblog.org
[Mon Mar 19 12:27:53 CST 2018] Success
[Mon Mar 19 12:27:53 CST 2018] Removing DNS records.
[Mon Mar 19 12:27:58 CST 2018] Verify finished, start to sign.
[Mon Mar 19 12:28:02 CST 2018] Cert success.
-----BEGIN CERTIFICATE-----
(issued certificate text)
-----END CERTIFICATE-----
[Mon Mar 19 12:28:02 CST 2018] Your cert is in  /root/.acme.sh/qblog.org/qblog.org.cer 
[Mon Mar 19 12:28:02 CST 2018] Your cert key is in  /root/.acme.sh/qblog.org/qblog.org.key 
[Mon Mar 19 12:28:02 CST 2018] The intermediate CA cert is in  /root/.acme.sh/qblog.org/ca.cer 
[Mon Mar 19 12:28:02 CST 2018] And the full chain certs is there:  /root/.acme.sh/qblog.org/fullchain.cer

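3. Using the certificate

After issuing the certificate with the command above, go to the directory where it is stored and copy the relevant files to install them. This is not covered here, as there are plenty of tutorials for it; the author will update this when time allows.

In general, the full certificate chain fullchain.cer and the key xxx.key are all you need for installation.

Other notes

None yet; this will be updated once there is feedback.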
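Checks worth running on fullchain.cer and the key before installing them, as an added example that is not part of the original post or of acme.sh. It confirms that both names are present (a `*.qblog.org` entry does not cover the bare `qblog.org`, which is why the issue command passes both), that the key belongs to the certificate, and that the key file is not readable by other users. The function names are assumptions, and the demo certificate is a constructed self-signed stand-in.

```bash
#!/usr/bin/env bash
# Added example: pre-install checks for the files acme.sh writes.
# Function names are assumptions, not part of acme.sh.

# Succeeds if the leaf certificate in $1 lists DNS name $2 as a SAN.
cert_has_san() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# Succeeds if private key $2 belongs to the leaf certificate in $1.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if key file $1 grants nothing to group or others (GNU stat).
key_is_private() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Constructed test data: self-signed stand-in for fullchain.cer and its key,
# with the same two names the tutorial requests. Needs OpenSSL 1.1.1+.
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=qblog.org' \
    -addext 'subjectAltName=DNS:qblog.org,DNS:*.qblog.org' \
    -keyout "$1/qblog.org.key" -out "$1/fullchain.cer" 2>/dev/null
  chmod 600 "$1/qblog.org.key"
}

# Runs every check for certificate $1, key $2 and base domain $3.
preinstall_check() {
  cert_has_san "$1" "$3" || { echo "missing SAN $3"; return 1; }
  cert_has_san "$1" "*.$3" || { echo "missing SAN *.$3"; return 1; }
  cert_matches_key "$1" "$2" || { echo "key does not match cert"; return 1; }
  key_is_private "$2" || { echo "key readable by group/others"; return 1; }
  echo "ok: $3 and *.$3 covered, key matches, key file is private"
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir"
preinstall_check "$demo_dir/fullchain.cer" "$demo_dir/qblog.org.key" qblog.org
```

After a real issuance, call `preinstall_check` with the fullchain.cer and .key paths that acme.sh prints at the end of its output.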
